UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IBM z/VM TCP/IP configuration must include an SSLSERVERID statement.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78859 IBMZ-VM-000110 SV-93565r1_rule Medium
Description
The Secure Socket Layer (SSL) server, provides processing support for secure (encrypted) communication between remote clients and z/VM TCP/IP application servers that are configured for secure communications The TCP/IP (stack) server routes requests for secure connections to an SSL server, which interacts with a client on behalf of an application server to perform handshake operations and the exchange of cryptographic parameters for a secure session. The SSL server then manages the encryption and decryption of data for an established, secure session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., RDP), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000250-GPOS-00093, SRG-OS-000424-GPOS-00188, SRG-OS-000426-GPOS-00190, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000423-GPOS-00187
STIG Date
IBM z/VM Using CA VM:Secure Security Technical Implementation Guide 2017-12-11

Details

Check Text ( C-78445r2_chk )
Examine the “SSLSERVERID” statement in the TCP/IP server configuration file.

If the “SSLSERVERID” statement identifies at least one userID for an SSL server, this is not a finding.
Fix Text (F-85609r1_fix)
Configure the “SSLSERVERID” statement to force auto logging of an SSL server before all other servers in the “AUTOLOG” list.